Security NewsWatch


A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


 

In this issue — Jun 21, 2017

  • Data on 198 Million Voters Exposed by GOP Contractor
  • Afghan Soldier Wounds 7 US Soldiers in Insider Attack
  • Army Fighting Hacking and Jamming of Drones
  • Report Says Post-Snowden Efforts to Secure NSA Data Fell Short
  • UK Hacker Pleads Guilty to Stealing US Satellite Data
  • NSA Confident North Korea Was Behind Massive ‘WannaCry’ Attack
  • NSA Leaker’s Security Clearance Prompts Questions from Senators
  • Experts Warn Lawmakers of Increasing China Cyberespionage Attacks
  • US Warns of North Korea’s ‘Hidden Cobra’ Botnet
  • Why We’re Struggling in the Digital War on ISIS

 

Data on 198 Million Voters Exposed by GOP Contractor (The Hill, 6/19/17)  

A data analytics contractor employed by the Republican National Committee left databases containing information on nearly 200 million potential voters exposed to the Internet without security, allowing anyone who knew where to look to download it without a password.  “We take full responsibility for this situation,” said the contractor, Deep Root Analytics, in a statement.  The databases were part of 25 terabytes of files contained in an Amazon cloud account that could be browsed without logging in.  The account was discovered by researcher Chris Vickery of the security firm UpGuard.  The files have since been secured.  Vickery is a prominent researcher in uncovering improperly secured files online.  But, he said, this exposure is of a magnitude he has never seen before.

 

Afghan Soldier Wounds 7 US Soldiers in Insider Attack (AP, 6/18/17)  

An Afghan soldier opened fire on American soldiers on Saturday, injuring at least seven, the US military said.  It was the second such insider attack by an Afghan soldier in the past week.  Abdul Qahar Araam, spokesman for the 209th Army corps, confirmed that an insider attack took place at a camp in Mazar-e Sharif.  Araam said the soldiers returned fire and killed the attacker.  Gen. Dawlat Waziri, spokesman for the Afghan Defense Ministry, also confirmed the attack.  The Resolute Support mission announced on its Twitter feed that seven US service members were wounded but said there were no US fatalities.  It said one Afghan soldier was killed and one wounded.  Last week, three US soldiers were killed by an Afghan soldier in eastern Nangarhar province.

 

Army Fighting Hacking and Jamming of Drones (Scout Warrior, 6/18/17)  

The Army and Textron are adding new computer processing power and cyber-hardening technology to the current inventory of ground control stations operating drones in combat, as a way to better defend against enemy hacking, jamming, and interference with video feeds, service officials said.  The Textron-built Universal Ground Control Station (UGCS), which currently operates the Army’s Shadow and Grey Eagle drones, is being engineered with new performance-enhancing software to secure drone controls and drone video feeds from hacking, interference, and cyberattacks.  “The UGCS hardware obsolescence effort replaces components within the existing UGCS, reducing weight and easing the burden on heavily-laden tactical vehicles.  The new hardware will provide increased computing power — accommodating the new software architecture developed under the software obsolescence effort,” Capt. Scott Zimmerman, Assistant Product Director for UGCS, said.

 

Report Says Post-Snowden Efforts to Secure NSA Data Fell Short (NYT, 6/16/17)  

The government’s efforts to tighten access to its most sensitive surveillance and hacking data after the leaks of NSA files by Edward J. Snowden fell short, according to a newly declassified report.  The NSA failed to consistently lock racks of servers storing highly classified data and to secure data center machine rooms, according to the report, an investigation by the Defense Department’s inspector general completed in 2016.  The report was classified at the time and made public in redacted form last week in response to a Freedom of Information Act lawsuit.  The agency also failed to meaningfully reduce the number of officials and contractors who were empowered to download and transfer data classified as top secret, as well as the number of “privileged” users, who have greater power to access the most sensitive computer systems.

 

UK Hacker Pleads Guilty to Stealing US Satellite Data (Info Security, 6/16/17)  

A UK man has pleaded guilty to hacking the US Department of Defense and stealing the account details of hundreds of users of a satellite system.  Sean Caffrey, 25, admitted illegally accessing and stealing the ranks, usernames, and email addresses of more than 800 users of a military communications system.  He also pleaded guilty to theft of user details linked to around 30,000 satellite phones, according to the UK’s National Crime Agency.  Officers from the NCA’s National Cyber Crime Unit arrested Caffrey in March 2015 after tracing the attack back to his IP address.  A subsequent analysis of his hard drive apparently revealed the stolen data.  Officers were also able to trace back an online messaging account linked to the attack to computers owned by Caffrey, the NCA said.  “After strong partnership working between the NCA, the FBI, and the DoD’s Defense Criminal Investigative Service, there was very clear, very compelling evidence,” said an NCA spokeswoman.


 

NSA Confident North Korea Was Behind Massive ‘WannaCry’ Attack (Dark Reading, 6/15/17)  

The NSA appears to have joined the ranks of those convinced that the North Korean government was behind the recent WannaCry ransomware epidemic, even as others remain skeptical of that conclusion.  According to reports, NSA officials have determined with “moderate confidence” that the tactics and techniques used in the WannaCry attacks point to the Reconnaissance General Bureau, the North Korean intelligence agency.  The motive for the attacks apparently was to raise money in the form of ransom payments from victims.  The NSA’s assessment concludes that threat actors sponsored by the North Korean intelligence agency created two versions of WannaCry.  News of the NSA’s analysis coincides with a somewhat oddly timed release this week of a US-CERT technical analysis linking the North Korean government to a botnet used to launch DDoS attacks worldwide.  Together, the developments suggest that the government could be making a case for retaliatory action against the North Korean government.

 

NSA Leaker’s Security Clearance Prompts Questions from Senators (Fox News, 6/15/17)  

Senate Homeland Security and Governmental Affairs Committee Chairman Ron Johnson and Ranking Member Claire McCaskill sent a letter to OPM last week questioning the security clearance process for Reality Winner, the NSA contractor accused of leaking classified information about attempted Russian hacking of the 2016 presidential election.  Johnson, R-Wis., and McCaskill, D-Mo., wrote Kathleen McGettigan, OPM’s Acting Director, that they were looking for answers to the process under which the federal government issues, monitors, and investigates those with security clearances.  Winner, a 25-year-old Air Force veteran, is accused of leaking a classified intelligence report containing Top Secret level information to an online news site.  The report, according to the Department of Justice, contained classified defense information from an intelligence community agency.

 

Experts Warn Lawmakers of Increasing China Cyberespionage Attacks (GovConWire, 6/15/17)  

Experts at a Senate Committee on Foreign Relations hearing last week warned lawmakers that Chinese government hackers appear to be once again targeting private US companies and organizations.  Anecdotally, there appears to be a re-emergence of economic-related espionage by Chinese hackers, reported Samantha Ravich, an adviser to the Foundation for Defense of Democracies.  She said that after a brief lull, it looks as if hackers had returned to “business as usual, meaning the wholesale theft of [intellectual property] on the private sector side.”  Chinese cyberespionage operations include hacking activities aimed at stealing trade secrets, intellectual property, or other confidential business information.  Theft of US trade secrets each year ranges from $180 to $540 billion, according to the British insurance company Lloyds.

 

US Warns of North Korea’s ‘Hidden Cobra’ Botnet (Dark Reading, 6/14/17)  

The US-CERT last week formally identified the North Korean government as being behind a distributed denial of service (DDoS) botnet infrastructure that has been used to target media, financial, aerospace, and critical infrastructure organizations in the US and elsewhere.  In an advisory, the agency provided indicators of compromise, malware descriptions, and network signatures associated with the malicious North Korean cyber-operation, dubbed Hidden Cobra.  Included in the alert were IP addresses of systems infected with DeltaCharlie, the malware used to manage the North Korean botnet.  Organizations that detect any of the tools associated with Hidden Cobra on their networks should immediately mitigate the threat and report their discovery to the DHS National Cybersecurity Communications and Integration Center (NCIC) or to the FBI, US-CERT said.

 

Why We’re Struggling in the Digital War on ISIS (Cyber Scoop, 6/14/17)  

The US military’s reported inability to effectively “drop cyber bombs” on the Islamic State is raising new questions about the military’s existing cyberweapons arsenal, a loosely defined collage of digital warfare capabilities shrouded in secrecy.  Computer network attacks have been conducted by operators within the NSA and US Cyber Command, the military’s top cyberwarfare unit, under the order of Joint Task Force Ares.  While the two organizations are inherently aligned, the NSA and Cyber Command follow different missions and employ different capabilities.  Very little is publicly known about the ability of either the intelligence community or the military to conduct offensive cyber-operations; the subject matter is generally considered classified if not highly sensitive.  A leaked CIA document published in March by WikiLeaks provides a rare window into how analysts conduct cyberwarfare operations, describing one instance in which an operator worked to remotely disrupt a video player likely being used by a terrorist through a computer network attack.

 


National Security Institute 165 Main Street, Suite 215 Medway, MA 02053 Tel: 508-533-9099 Fax: 508-507-3631 Internet: http://nsi.org